FCC Refuses To Release Evidence Of The ‘DDoS Attack’ On Its Website
A couple of weeks ago, John Oliver asked viewers to express their concerns about net neutrality on the FCC’s website. Shady antics ensued and the FCC claimed its official website fell victim to a DDoS attack. Activists, senators and security experts have demanded to see the logs, but the FCC has decided they can’t show anyone because of “privacy” concerns.
In 2014, when the US Federal Communications Commission first proposed its net neutrality rules, a record-breaking 3.7 million comments were filed with the agency, the vast majority of which supported the proposal. Since Ajit Pai unleashed his “weed whacker” proposal to decimate those rules three weeks ago, the comments are pouring in yet again — more than 550,000 have been filed thus far.”]
The FCC really doesn’t want to see negative feedback about its recent string of terrible decisions. It made its commenting system so difficult to navigate that John Oliver’s team had to set up a special URL that would redirect people to the correct page. As expected, a lot of people began pleading with the FCC to save net neutrality regulations.
And then something weird happened. The FCC’s website started having troubles and went down completely the day after John Oliver’s segment. The agency claimed that it was the victim of a DDoS attack.
That week, people also started noticing the same language being used on comments that were in favour of killing net neutrality protections. When the people who allegedly wrote the comments were contacted, they had no idea why their name was being used. This led to the presumption that bots were being employed to promote an anti-net neutrality position.
Activist groups demanded documentation on the alleged DDoS attacks from the FCC. In an official statement, the non-profit group Fight for the Future wrote:
There are two possible scenarios and they are both concerning:
1. FCC is being intentionally misleading, and trying to claim that the surge in traffic from large numbers of people attempting to comment following John Oliver’s segment amounts to a “DDoS” attack, in order to let themselves off the hook for essentially silencing large numbers of people by not having a properly functioning site to receive comments from the public about an important issue, or
2. Someone actually did DDoS the FCC’s site at the exact same time as John Oliver’s segment, in order to actively prevent people from commenting in support of keeping the Title II net neutrality rules that millions of people fought for in 2015.
Since then, the FCC has gone into a “sunshine period“, which is an odd procedural standard in which they don’t take public comment on decisions that are currently under consideration.
In a new interview with ZDNet, FCC Chief Information Officer David Bray said that the logs will not be released. He claims that the attack did not come from a botnet, but was instead coming from commercial cloud services. It used the FCC’s API which is legally required to be open to the public. He says that the logs of the attack won’t be released because they contain private information like IP addresses. Yes, the FCC is suddenly worried about people’s privacy in this situation that doesn’t involve major companies paying for their information.
The US House of Representatives voted today to repeal rules preventing internet service providers from selling their customers' web browsing and app usage data without explicit consent. The Senate passed the same bill last week, which means the only obstacle that remains is a signature from President Trump -- and the White House has already signalled he will do so.
To recap: Seemingly legitimate comments were overwhelmed by demonstrably fraudulent comments. The FCC site was off and on. The agency claimed it was the victim of a DDoS attack but refuses to prove it. And any sort of pretense that the public’s voice in the matter was being heard has been chucked out the window.
Evan Greer, campaign director at Fight for the Future, told ZDNet in a statement:
They should immediately disclose this information to the appropriate authorities and to journalists who can investigate this. If the culprit is an organisation, the FCC should disclose that. The public needs to know if companies like Comcast and Verizon are funding this identity theft and attempt to undermine the democratic process.
Indeed, at the very least we should be getting information about a law enforcement investigation of the DDoS attack. What we have is the FCC saying that it will honour the obviously fraudulent comments, and despite overwhelming support for net neutrality, the plan to gut it has been approved. The process of removing protections for the open internet has begun and the comment system will reopen until August.